[Pkg-tcltk-devel] Bug#505363: tk8.4: CVE-2008-0533 buffer overrun flaw
michael.s.gilbert at gmail.com
Tue Nov 11 21:18:19 UTC 2008
ubuntu has just released "fixes" for a buffer overrun flaw in tk.
they describe the problem as:
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
i am setting the severity important (rather than grave) since the
debian security tracker already says that the problem is
"not-for-us," so it may not affect debian at all. maybe ubuntu has
once again overreacted by "fixing" a problem that isn't really a